Extreme Networks EPICenter, EPICenter 4.1 Software Installation Manual

Extreme Networks, Inc.

3585 Monroe Street

Santa Clara, California 95051

(888) 257-3000

http://www.extremenetworks.com

EPICenter™ Software
Installation and User Guide

Version 4.1

Published: June, 200 3

Part number: 100143- 00 Rev. 01

2

©2003 E xtrem e Ne tw orks , In c. A ll ri ghts rese rve d. E xt reme Ne two rk s an d Blac kDi am ond are reg ist ered t rad ema rks of
Extreme Networks, Inc. in the United States and certain other jurisdictions. EPICenter, ExtremeWare, ExtremeWare Vista,
ExtremeWorks, Extre meAss ist, Ex tremeA ssist 1, E xtreme Assist2 , Pa rtner Assist , Extrem e St andby R oute r Protoc ol, E SRP,
SmartTraps, Alpine, S ummit, Summi t1, Sum mit4, Su mmit4 /FX, Summit7i , Sum mit24 , Summi t48, Su mmit Virtual
Chassis, SummitLink, SummitGbX, SummitRPS and the Extreme Networks logo are trademarks of Extreme Networks,
Inc., which may be registered or pending registration in certain jurisdictions. The Extreme Turbodrive logo is a service
mark of Extreme Networks, which may be registered or pending registration in certain jurisdictions. Specifications are
subject to change without notice.

Solaris is a trademark of Sun Microsystems, Inc.
This pro duct inc lud es s oft ware deve lop ed b y the Ap ache Sof tware Fou nd atio n (h ttp: //w ww.apach e.org ).
This produ ct c onta ins c opyr ig ht mate ria l lic ens ed from Adve nt Net, I nc. (h ttp ://w ww.adve ntne t.c om). All ri ght s to suc h

copyright material rest with AdventNet.
All other registered trademarks, trademarks and service marks are property of their respective owners.

EPICenter Software In stallation an d User Guide 3

Contents

Preface

Introduction 17

Terminology 17

Conventions 18
Related Publications 19

Chapter 1 EPICenter and Policy Manager Overview

Introduction 21
Summary of Features 22

Simple Inventory Management 23
The Alarm System 23
The Configuration M anager 23
The Grouping Manager 23
The IP/MAC Address Finder 24
Interactive Telnet Applet 24
ExtremeView Configuration and Status Monitoring 24
Real-Time Statistics 24
Topology Views 25
Enterpris e-wide VLA N Mana gement 25
The ESRP Mana ger 25
The STP Moni tor 26
Dynamic Reports 26
Distributed Server Mode 26
Security Management 26
EPICenter Stan d-alone Utilit ies 27

EPICenter Components 27

Extreme Networks Switch Management 28

Extreme Network s Dev ice Supp ort 29
Third-Party Device Support 29
Overview of the Policy Man ager 29

4 EPICenter Software Installation and User Guide

Contents

Basic EPICenter Policy Definition 30
Policy Types 31

Access-based Sec urity Policies 31
IP-Based Policies (A ccess List Policies) 33
Source Port Policies 36
VLAN Policies 37

Policy Named Components 38
Policy Access Domain and Scope 41
Using Groups in Policy Definitions 42

Precedence Relationship s within the Policy Ma nager 43

Policy Configuration 43
Cisco D evice Su pport 44

Cisco Port M appings 4 4
Limitations on Cisco Device Support 44

EPICenter Policy Limitations 45

Chapter 2 Installing the EPICenter Software

Installation Overview 47
Server Requirements 48

Windows 2000 or Windows XP 48
Solaris 48

Client Requirements 49
Browser Requ irements f or Report s 49
EPICenter S oftware L icensing 50

Obtaining an Ev aluation Licen se 50
Obtaining a Perma nent License 50
Upgr adin g an Eval ua tion L icen se 5 0
Adding a License for an Optional Product 51

Upgrading from a Previous Release 51
Installing on a Windows 2000 or Windows XP System 52

Adding or Upd ating the License Key 55

Installing on a Solaris System 56

Required Patches 56
Local Nam e Resolution 56
Installing the EPIC enter Server 56
Adding or Upd ating a License K ey 61
Setting Up SNMP Version 3 for Solaris and Windows 62

Installing the EPICenter Client 62

Installing the S tand-Alone Cl ient Application o n Windows 2000 or Windows XP 63
Installing the Stand -Alone Cl ient Application in the Solaris O perating Envi ronment 64

EPICenter Software In stallation an d User Guide 5

Contents

Uninstalling the EPICenter Software 66

Uninstalling the E PICenter Server on Windows 2000 or Windows XP 66
Uninstalling the E PICenter Stand -Alone Clie nt Application o n Windows 2000 or

Windows XP 67
Uninstalling the E PICenter Server in Solaris 67
Uninstalling the E PICenter Stand -Alone Clie nt Application in Solaris 68

Chapter 3 Starting EPICenter

Running t he EPICent er Serve r Software un der Windows 69

Starting the EPICenter Se rver 69
Shutting Down the EPICenter Server Components 70

Restarting the EPICenter Server Components as Services 71

Running t he EPICente r Server Sof tware un der Solari s 71

Starting or Restarting the EPICenter Server 71
Shutti ng D own th e EPI Cente r Se rver Co mpo nent s 71

The EPICenter Client 72
Running the EPICenter Stand-alone Client 72

Viewing Reports from the Stand-Alone Client 74

Running the EPICenter Client in a Browser 74
The Netw ork Status Summ ary Report P age 77

The Distributed Server Summary 78
The “Ab out EPI Center ” Page 79

Navigating the EPICenter Applications 80

The Navig ation Toolbar 80
Main Applet Frame 82
The Component Tree 82
The Status/Detail Information Panel 83
Moving the Component Tree Boundary 84
Resizing Columns 84
Sorting Columns 85
Applet Function Buttons 85
Printing from EPICenter 86

Chapter 4 Using the Inventory Manager

Overview of the EPICenter D evice Inventory 8 7

Gathering Device Status Information 88

Displaying the Network Device Inventory 89
Viewing Device Stat us Informa tion 90

Viewing Device Information from Pop-up Me nus 92

Discovering Network Devices 95

6 EPICenter Software Installation and User Guide

Contents

Adding De vices a nd Devic e Groups 100

Adding a Device 100
Creating a Device Group 102

Modifying Devices and Device Groups 104

Modifying a Device 104
Modifying a Device Group 107

Deleting Devices and Device Groups from the Database 109

Deleting a Device 109
Deleting a Device Group 110

Updating Devi ce Information 111
Configuring Default Access Parameters 112
Finding Devices 114
Displaying Properties 115

All Device Group Properties 115
Device Properties 117

Chapter 5 The EPICenter Alarm System

Overview of the EPICenter Alarm System 121
The Alarm Log Browser 122

Acknowledging an Alarm 124
Deleting Alarm Lo g Entries 12 4
Deleting Groups of Lo g Entries 124
Viewing Alarm Details 126
Filtering the Alarm Display 1 26
Deleting Alarm Lo g Filters 128
Pausing All Alarms 129

Defining Alarms 129

Creating a New Alarm Definition 130
Modifying Alarm Definitions 138
Deleting Alarm Definitions 138

Alarm Categories 138

Creating a Ne w Alarm Categor y 138
Modifying an Alarm Category 139
Deleting an Alarm Category 139

Threshold Configuration 139

Creating an Event Rule 142
Modifying a Rule 150
Deleting a Rule 151
Resynchronizing the RMON Rules 151
Configuring Other SNMP Trap Events 152

Configuring EPICenter as a Syslog Receiver 153

EPICenter Software In stallation an d User Guide 7

Contents

Setting EPICenter as a Trap Receiver 153
Log Archive 154
Writing Tcl Scripts for Alarm Actions 155

The Tc l Scripting E nvironment 155

Chapter 6 Configuration Manager

Overview of the C onfigura tion Ma nager 157

Viewing Device Information from Pop-up Menus 159

Uploading Configurations from Devices 163
Archiving Configuration Settings 165

Device Schedules 165
Global Schedules 167

Downloading Configuration Information to a Device 168
Downloading an Incremental Configuration to Devices 169

Creating an Increment al Config uration File 170

Upgrading Software Images 170

Performing a Multi-Step Upgrade 171
Upgrading Images on Devices 173
Upgrading BootROM on Devices 177
Upgrading Slot Images on Modular Devices 178

Selecting Software Images 181
Specifying the Current Software Versions 182
Performing a L ive Softw are Update 183

Obtaining New Software Images 184

Configuring the TFTP Server 186
Finding Devices 187
Displaying Properties 187

Device Group Properties 188
Device Properties 188

Chapter 7 Using the Interactive Telnet Application

Overview of the Interactive Telnet Applet 191
Using Telnet with Extreme Switches 191

Running ExtremeWare Command Macros 192
Running a Telnet Session on an Individual Switch 196

Using Interactive Telnet with Third-Party Devices 199

8 EPICenter Software Installation and User Guide

Contents

Viewing Device Info rmation fro m Pop-up M enus 199

Properties 199
Alarms 200
Browse 200
EView 200
Statistics 200
Sync 201
VLANs 201

Finding Devices 201
Displaying Properties 202

Device Group Properties 202
Device Properties 202

Chapt er 8 The Gro uping Manag er

Overview of the Grouping M anager 205
Displayi ng EPIC enter G roups an d Reso urces 207

Resource Details 209
Grouping Manager Func tions 210

Creating a New Resource 211
Deleting Resources 213
Adding a Resource as a Child of a Group 213
Removing A Child Resource from a Group 216
Adding R elationshi ps to a Re source 21 6

Removing Relationships from a Resource 218

Adding an d Remov ing Attrib utes 219
Searching for a Resource 221

Setting up a Resource Search 222
Searching from the Main Toolbar 224
Search ing fr om the Add Reso urces or Ad d Rel ation shi p Window 225

Importing R esource s 225

Importing from an LDAP Directory 227
Importing from a File 228
Importing from an N T Domain Controller or NIS Server 232

Chapter 9 Using the IP/MAC Address Finder

Overview of the IP/MAC Finder Applet 233

ExtremeWare Software Requirements 234

Ta sks Li st Summ ary Window 234
Creating a Search Task 236

EPICenter Software In stallation an d User Guide 9

Contents

Detailed Task View 238

Exporting Task Results to a Text File 240

Chapter 10 Using ExtremeView

Overview of the ExtremeView Application 243
Viewing Device Status Information 244
Viewing Switch Configuration Information 248
Viewing Switch Statistics 253
Finding Devices 255
Viewing Device Info rmation fro m Pop-up M enus 256

Properties 256
Alarms 257
Browse 257
Statistics 258
Sync 258
Telnet 258
VLANs 258

Displaying Properties 259

Device Group Properties 259
Device Properties 259
Slot Properties 260
Port Properties 263

Chapter 11 Real-Time Statistics

Overview of Real-Time Statistics 267
Displaying Multi-port Statistics 269
Displaying Statistics For a Single Port 271
Changing the Display Mode 273
Setting Graph Preferences 274
Taking Graph Snapshots 277
Viewing Device Info rmation fro m Pop-up M enus 279

Properties 279
Alarms 279
Browse 280
EView 280
Sync 280
Telnet 280
VLANs 281

10 EPICenter So ftware Installatio n and User Guid e

Contents

Displaying Properties 281

Device Group Properties 281
Device Properties 281
Slot Properties 282
Port Properties 283

Chapter 12 Network Topology Views

Overview of EPICenter Topology Views 285
Displaying a Network Topology View 286

Map Elements 287
Map Element Description Panel 291

Manipula ting Topology Views and Maps 292

Creating a New View or a New Map 293
Node Placement Criteria in an Auto Populate View 294
Adding Elements to the Map 297
Editing the Map 3 01
Setting View Properties 304
Map Viewing Functions 305

Displaying VLAN Info rmation 313
Using the Tools Menu 315

Mark Links Mode 315
Adding Link s to a VLAN 315
Connecting an Edge Port to a VLAN 317
Device Alarms 318
Device Browse 319
Device Statistics 319
Device Telnet 319
Device View 319
Device VLANs 320
Device Properties 320

Chapter 13 Using the VLAN Manager

Over view of Virtua l LA Ns 321
Displaying a VLAN 322

Viewing VLANs on a Switch 324
Viewing Switches in a VLAN 325
Viewing VLAN Member Ports 326
Viewing Device Information from Pop-up Menus 328

Adding a V LAN 330
Deleting a VLAN 333

EPICenter Software In stallation an d User Guide 11

Contents

Modifying a VLAN 334

Modifying a VLAN from the Toolbar 335
Modifying a VLAN from the Component Tree Menu 337

Adding and Deleting Protocol Filters 338

Chapter 14 The Spanning Tree Monitor

Overview of the Spanning Tree Monitor 341
Displaying STP Domain Information 342

Displaying STP VL AN Configur ations 344
Displaying STP Dev ice Configurations 344
Displaying STP Port Information 346

Viewing STP Domain Properties from Pop-Up Menus 347

STP Properties 347
VLAN Properties 348
The Device Pop-Up Menu 348

Chapter 15 The ESRP Manag er

Overview of the ESRP Manager 351
Viewing ESRP Detail Information 353

Chapter 16 Administering EPICenter

Overview of User Administration 355

Controlling EPICent er Access 355
The EPICenter RADIUS Server 356
Setting EPICenter Server Properties 356

Starting the EPICenter Client for the First Time 357

Changing the Adm in Password 358

Adding or M odifyin g User Acco unts 35 8
Deleting Users 360
Changing Your Own User Password 360
RADIUS Administration 361

RADIUS Server Configuration 362
RADIUS Client C onfiguratio n 363
Disabling RADIUS for E PICenter 363

Server Properties Administration 363

Devices Properties 365
Scalability Properties 366
SNMP Properties 367
Topology Properties 368
External Connection Properties 369
Other Properties 369

12 EPICenter So ftware Installatio n and User Guid e

Contents

Distribu ted Server A dministra tion 3 70

Configuring a Server Group Member 371
Configuring a Ser ver Group Manager 372

Chapter 17 Dynamic Reports

Overview of EPI Center R eports 373
Network Status Su mmary Report 37 4
Dynamic Reports 375
Viewing Predefined EPICenter Reports 376

Report Filtering 376
Server State Summary Report 378
Device Inventory Report 379
Slot Inventory Report 381
Device Status Report 382
VLAN S umma ry Rep ort 382
Voice VLAN Summary Report 383
Interface Report 383
Resource to Attribute Mapping Report 384
Unused Ports Report 385
User to Host Mapping Report 385
Network Login Rep ort 386
Alarm Log Report 386
Event Log Report 387
System Log Report 387
Configuration Mana gement Log Rep ort 388

Printing EPICenter Reports 389
Exporting R eports 389
Creating New Reports 389

Creating or Modifying a Report 391
Adding a User-Defined Report to the Reports Menu 392
Debugging 392

Chapter 18 Voice over IP Manager

Over view of Vo ic e Ov er IP Man age men t 3 95
Viewing VoIP VLAN Settings 395
Selecting VLANs for VoIP 397
QoS Settings for a VoIP VLAN 400

Default Configura tion Attributes 401
Minimum Bandw idth Calculatio ns 402

Configuring QoS Settings 404

EPICenter Software In stallation an d User Guide 13

Contents

Vo IP Reports 407

Voice VLAN Summary Report 407

Known Behaviors and P roblems 407

Chapter 19 Using the Policy Manager

Using the Policy Manager 409
Policies View 411

Policy Definition Page 412
Policy Traffic Page 414

Creating a New Policy 416
Edit Policy Endpoints Window 423
Edit Policy Access Domain/Policy Scope Window 425
Modifying Policies 427
Deleting a Policy 429
Resetting a Policy 429
Configuring Policy Precedence 430
Viewing and Modifying QoS Profiles 431
Configuri ng QoS P olicie s 433

Auto Configuration 433
Directed Configuration 434

Chapter 20 The ACL Viewer

ACL Viewer Summary Displays 438

Access List Dis play 439

Policy Rule Co mparison 441
View Policy Rules 442
View Configured Rules 442

VLAN QoS D isplay 443

Policy Rule Co mparison 444
View Policy Rules 445

Source Port QoS Display 445

Policy Rule Co mparison 447
View Policy Rules 448
View Configured Rules 448

QoS Profile Display 449
Network Login/802.1x Display 450
Cisco Device Policy Setup 451

14 EPICenter So ftware Installatio n and User Guid e

Contents

Appendix A Troubleshooting

Troubleshooting A ids 455

Using the Stan d-alone Clie nt Application 45 5
Using the Browser-based Client (Windows On ly) 456

EPICenter Client 457
EPICenter Database 458
EPICenter Server Issues 459
VLAN Man ager 461
Alarm System 462
ESRP Ma nager 464
Inventory Manage r 464
ExtremeView 465
Groupi ng Manag er 466
Printing 466
Topology 466
STP Mon itor 467
Reports 467

Appendix B EPICenter Utilities

The DevCLI Utility 469

Using the DevCLI Commands 470
DevCLI Examples 472

Inventory Export Scripts 473

Using the Inventory Export Scripts 473
Inventory Export Examples 475

The SNMPCLI Utility 476

Using the SNMPC LI Utility 47 6
SNMPCLI Examples 477

Port Configuration Utility 477
The AlarmMgr Utility 479

Using the AlarmMgr Command 479
AlarmMgr Output 481
AlarmMgr Examples 481

The FindAddr Utility 481

Using the FindAddr Command 482
FindAddr Output 483
FindAddr Examples 484

EPICenter Software In stallation an d User Guide 15

Contents

The TransferMgr Utility 484

Using the TransferMgr Command 484
TransferMgr Examples 486

The VlanMgr Utility 487

Using the VlanMgr Command 487
VlanMgr Output 489
VlanMgr Examples 489

The ImportResources Utility 490

Using the ImportResources Command 490
ImportResources Examples 492

Appendix C EPICenter External Access Protocol

External Access Protocol Over view 493
External Access Protocol Stru cture 493

EPICenter Server Commands 496

Tcl Client API 498

Installing and U sing the Tcl Client API 499
Tcl Exported Functions 499

Appendix D EPICenter Database Views

Device Report View 505
Interface Report View 507
Database Event Log View 508
Database Alarm Log View 509

Appendix E Event Types for Alarms

SNMP Trap Events 511
RMON Rising Trap Events 515
RMON Falling Trap Events 515
EPICenter Events 516

Appendix F EPICenter Backup

EPICenter Log Backups 517
Database Utilities 518
The Validation Utility 518

Using the DBVALID Command-line Utility 518
Database Connection Parameters 519

16 EPICenter So ftware Installatio n and User Guid e

Contents

The Backup Utility 519

The DBBAC KUP Comma nd-line Utility 519
Database Connection Parameters 520
Installing a Back up Database 520

Appendix G Dynamic Link Context System (DLCS)

Over view of DLC S 523
Using DLCS with the Policy Manager 523
DLCS Properties 524
Enabling DLCS on an Extreme Switch 524
DLCS Limitations 524

ISQ Improvements 525

Appendix H EPICenter Policy System Feature Comparison

ExtremeWare 6.2 Features Supported 527
ExtremeWare 6.0.x and 6.1.x Features Supported 528
ExtremeWare 5.x Features 529
ExtremeWare 4.x Features 530
Cisco Internetworking Operating System (IOS) 11.2 Features 531
EPICenter Policy Issues and Limitations 531

EPICenter Software In stallation an d User Guide 17

Preface

This preface provides an overview of this guide, describes guide conventions, and lists other useful
publications.

Introduction

This guide provides the required information to use the EPICenter software. It is intended for use by
network managers who are responsible for monitoring and managing Local Area Networks, and
assumes a basic working knowledge of:

• Local Area Networks (LANs)

• Ethernet concepts

• Ethernet sw itching and br idging conce pts

• Routing concepts

• The Simple Network Management Protocol (SNMP)

NOTE

If the information in the EPICenter Release Note and Quick Start Guide shipped with your software
differs from the information in this guide, follow the Release Note.

Terminology

When features, func tionality, or operatio n is specific to the S ummit, Al pine, or Black Diamond swit ch
family, the family name is used. Explanations about features and operations that are the same across all
Extreme switch p roduct families simply refer to t he product as the “Extreme dev ice” or “E xtreme
switch.” Explanations about features that are the same for all devices managed by EPICenter (both
Extreme devices and others) are simply refer to “devices.”

18 EPICenter So ftware Installatio n and User Guid e

Preface

Conventions

Ta ble 1 and Table 2 list conventions tha t are used throughou t this guide.

.

Table 1: Notice Icons

Icon Notice Type Alerts you to...

Note Important features or instructions.

Caution Risk of unintended consequences or recoverable loss of data.

Warning Risk of permanent loss of data.

Table 2: Text Conventions

Convention Description

Screen displays This typeface represents information as it appears on the screen.

Screen displays
bold

This typeface indicates how you would type a particular command.

The words “enter”
and “type”

When you see the word “enter” in this guide, you must type something, and then press
the Return or Enter key. Do not press the Return or Enter key when an instruction
simply says “type.”

[Key] names Key names appear in text in one of two ways. They may be

• referred to by their labels, such as “the Return key” or “the Escape key.”

• written with brackets, such as [Return] or [Esc].

If you must press two or more keys simultaneously, the key names are linked with a
plus sign (+). For example:

Press [Ctrl]+[Alt]+[Del].
Words in bold type Bold text indicates a button or field name.
Words in italicized ty pe Italics emphasize a point or denote new terms at the place where they are defined in

the text.

Related Publi cations

EPICenter Software In stallation an d User Guide 19

Related Publications

The EPICenter documentation set includes the following:

• The EPIC enter Software Inst allation and Use r Guide (the manual you are reading)

• EPICenter SE Release Note and Quick Start Guide

• EPICenter License Agreement

The EPICenter Software Installation and User Guide can be found online in Ado be Acrobat PDF format , in
the

docs subdirectory of the EPICenter installation directory. You must have Adobe Acrobat Reader

version 3.0 or la ter (available from ht tp://www.adobe.com free of charge).

Other manuals that you will find useful are:

• ExtremeWare Software User G uide

• ExtremeWare Quick Reference G uide

For documentation on Extreme Networks products, and for general information about Extreme
Networks, see the Extreme Networks home page:

• http://www.extremenetworks.com

Customers with a support contract can access the Technical Support pages at:

• http://www.extremenetworks.com/support/database .htm

The technical support pages provide the latest information on Extreme Networks software products,
including the la test Releas e Note, informati on on known p roblems, downloa dable updates or
patches as appropriate, and other useful information and resources.

Cust omer s wit hout c ontr act s can a cce ss ma nual s and patc hes a t:

• http://www.extremenetworks.com/support/documentation.asp

20 EPICenter So ftware Installatio n and User Guid e

Preface

EPICenter Software In stallation an d User Guide 21

1 EPICenter and Policy Manager

Overview

This chapter describes:

• The f ea tu res o f th e EP IC ente r

™

software

• The EPICenter software components

• An overview of the Policy Manager features

• An introduction to the concepts that are fundamental to creating policies using the EPICenter Policy

Manager

• A brief comparison of the features available through the EPICenter Policy Manager with the features

available through the ExtremeWare Command Line Interface (CLI)

Introduction

Today's corporate networks commonly encompass hundreds or thousands of systems, including
individual end user systems, servers, network devices such as printers, and internetworking systems.
Extreme Networks™ recognizes that network managers have different needs, and delivers a suite of
ExtremeWare™ management tools to meet those needs.

EPICenter is a powe rful yet easy-to-u se application s uite that facilita tes the management of a network
of Summit

™

, BlackDiamond™, and Al pin e™ switches, as well as sele cted third-par ty switches . EPIC enter
makes it easier to perform configuration and status monitoring, create virtual LANs (VLANs), and
implement policy-based networking in enterprise LANs with Extreme Networks switches. EPICenter
offers a comprehensive set of network management tools that are easy to use from a client workstation
running EPICenter c lient software, or from a work station configured wit h a web browser and the J ava
plug-in.

EPICenter leverages the three-tier client/server architecture framework represented by Java applets, and
can be accessed using Microsoft Internet Explorer or with Sun’s Java Plug-in. The E PICenter application
and database support two of the most popular operating environments in the marketplace, Microsoft
Windows 2000/XP and Sun Microsystems Solaris. Integration with HP OpenView and other third-party
network managem ent software produc ts provides additiona l flexibility.

22 EPICenter So ftware Installatio n and User Guid e

EPICenter and Po licy Manager Overvi ew

Summary of Features

In large corporate networks, network managers need to manage systems “end to end.” The EPICenter
software is a powerful, flexible and easy-to-use application for centralizing the management of a
network of Extreme switches and selected third-party devices, regardless of the network size. The

EPICenter software provides the vital SNMP, HTML, and CLI-based tools you need for network-wide

management of Extreme Networks Summit, Black Diamond, and Alpine switches.

• Network C ontrol. Th e EPICenter software provides configuration and monitoring of Extreme

Networks' switches and selected third-party devices anywhere on the network simultaneously.

• Intelligent Management. Extreme SmartTraps

™

(patent pending) automatically gather switch
configuration changes and forward them to the EPICenter server, thereby minimizing network
management traffic. EPICenter separates its “heartbeat” polling, used to asses a device’s connectivity,
from its less frequent and more data-intensive status polling.

• Hierarchical Displays. Most information, includ ing that found in EPICenter to pology maps, V LAN

management, configuration management, and real-time statistics, is dynamically presented in an
easy-to-navigate hierarchical tree.

• Multi-platform capability. The EPICenter server supports Sun SPARC/Solaris and Intel, Windows

2000, and Windows XP. Client applications on either of these platforms can connect to servers on
either platform.

• Support for mu ltiple us ers with securi ty. Users must log in to the applicatio n, and can be g ranted

different levels of access to the application features.

• Web -based or installed clients. The EPICenter software gives you a c hoice of installin g client

softwa re, or c onnec ting to the EP ICen ter se rver t hroug h a web- brow ser-base d clie nt, av ailab le on
Windows client machines.

• Man age l arg e nu mbe rs of dev ice s. The EPICenter server can manage up to 2000 devices with a

single installation of the EPICenter software. For even larger networks you can split the management
task a mon g sev eral E PICe nter serve rs in a di strib uted serve r mod e th at let s you mon itor t he st atus
of those servers from a single client.

Extreme Networks switches and many other MIB-2 compatible devices can be monitored and controlled
from a central interface, without exiting EPICenter to run a separate program or telnet session. Features
such as SmartTraps

and the EPICenter alarm system further maximize network monitoring capability

while maintain ing network usag e efficiency.

You can organize your network resources into non-exclusiv e groups (including groups made up of
selected ports from mult iple switches) that you can manage as a single ent ity. Dev ice groupings can be
based on a variety of factors. For example, physical location, logical grouping, devices that support
SSH2, and so on. Using device groups, you can search for individual IP addresses and identify their
connections into the network. You can monitor the status of your network devices either visually,
through the Extrem eView applet, or by s etting al arms that will not ify you ab out cond itions or events on
your network devices. You can get a high-level overview of the status of your network devices
displayed as a hierarchical topology map.

These features and more are descr ibed in more det ail in the fo llowing sectio ns, and in th e remaining
chapters of this manual.

Summary of Features

EPICenter Software In stallation an d User Guide 23

Simple Inventory Management

EPICenter’s Inventory Manager applet keeps a database of all the devices managed by the EPICenter
software. Any EPICenter user can view status information about the switches currently known to the
EPICenter database.

The EPICenter Inventory Management applet provides an automatic discovery function. Users with the
appropriate access can use this feature to discover Extreme and other MIB-2 devices by specific IP
address or within a range of IP addresses.

Network devices can also be added to the EPICenter database manually, using the Inventory Manager
Add function. Once a network device is known to the EPICenter database, you can assign it to a specific
device group, and config ure it using the VL AN Manager, the Configuration M anager, or the
ExtremeView tool.

EPICenter also pro vides a comma nd-line utilit y that lets you c reate device groups and import la rge
numbers of devices into the inventory database through scripts, to streamline the process of adding and
organizing devices fo r management pu rposes.

The Alarm System

The EPICenter Alarm System provides fault detection and alarm handling for the network devices
monitored by the EPICenter software. This includes Extreme devices and some third-party
devices—those that the EPICenter software can include in its Inventory database. The Alarm System
also lets you def ine your own alarm s that will report errors under cond itions you specify, such as
repeated occurrences or exceeding threshold values. You can specify the actions that should be taken
when an alarm occurs, and you can enable and disable individual alarms.

Fault detection is based on SNMP traps, RMON traps, Syslog messages, and some limited polling. The
Alarm System supports SNMP MIB-2 and the Extreme Networks private MIB. You can also configure
alarms based on certain event thresholds, or on the content of Syslog messages. When an alarm occurs
you can specify actions such as sending e-mail, forwarding a trap, running a program, running a script,
or sounding an audible alert.

The Configuration Manager

The EPICenter Configuration Manager applet provides a mechanism and a graphical interface for
uploading an d downloadin g configurati on files to and from m anaged devic es. It can also download
ExtremeWare software images and BootROM images to Extreme Networks devices, or to Extreme
modules that include software.

The Configura tion Manager provid es a framewor k for storing the conf iguration file s, to allow tracking
of multiple ve rsions. Config uration file up loads can be pe rformed o n demand, or c an be schedu led to
occur at regular times—once a day, once a week, or at whatever interval is appropriate.

The Grouping Manager

One of the po werful features of the EPICen ter software is its ability to tak e actions on m ultiple dev ices
or resources with a single user action. The Groupi ng Manager facilita tes this by letting y ou organize
various resources into hierarchical groups, which can then be referenced in other applets. You can then
take actions on a group, rather than having to specify the individual devices or ports that you want to
affect.

24 EPICenter So ftware Installatio n and User Guid e

EPICenter and Po licy Manager Overvi ew

You can also create or import named resources such as users and workstations, which can be mapped
through the Grouping M anager to IP addresses and por ts. This capab ility is especially im portant in
relationship to the optional Policy Manager applet, which takes advantage of these types of resources to
simplify the creation of QoS and Access List policies.

The IP/MAC Address Finder

The IP/MAC Address Finder applet lets you search for specific network addresses (MAC or IP
addresses) and identify the Extreme Networks switch and port on which the address resides. You can
also use the IP/MAC Finder applet to find all addresses on a specific port or set of ports. You can
export the results of your search to a file, either on the server or on your local (client) system.

Interacti ve Telne t Applet

The ExtremeView Telnet feature includes a macro capability that lets you create and execute scripts of
CLI commands repeatedly on multiple devices in one operation. You can save your macros for reuse at
other times. Results of the most recent macro run on each device are saved into log files, and can be
viewed from within the Telnet applet.

You can also use the int eractive Telnet capability to view and modify config uration info rmation for
some Cisc o and 3CO M dev ices as w ell a s for Extrem e Ne twor ks de vice s.

ExtremeView Configuration and Status Monitoring

With the ExtremeView applet, any Extreme Networks switch can be monitored through a front panel
image that provides a visual device representation, and can be configured without leaving the
EPICenter client to invoke another program or Telnet session.

The ExtremeView applet displays detailed information about the status of Extreme switches in a
number of categories. Any EPICenter user can view status information about the network devices
known to the EPICenter database. Users with the appropriate access permissions can also view and
modify configuration information for those switches through the ExtremeWare Vista graphical user
interface, accessed through the ExtremeView applet.

Real-Time Statistics

The Real-Time Statistics feature of the EPICenter software provides a graphical presentation of
utilization and e rror statistics for Extreme sw itches in real time. The data is taken from M anagement
Information Base (MIB) objects in the etherHistory table of the Remote Monitoring (RMON) MIB. You
can choose from a variety of styles of charts and graphs as well as a tabular display.

You can view data f or mult iple port s on a de vice, de vice slo t, or with in a po rt group, option ally lim iting
the display to the “top N” ports (where N is a number you can configure). You can also view historical
statistics for an individual port. If you choose to view a single port, the display shows the value of the
selected variable(s) over time, and can show utilization history, total errors history, or a breakdown of
individ ual erro rs.

In addition, the Real-Time Statistics applet lets you “snapshot” a graph or table as a separate browser
page. You can then save, print, or e-mail the page.

Summary of Features

EPICenter Software In stallation an d User Guide 25

To pology Views

The EPICenter software’s Topology applet allows you to view your network (EPICenter-managed
devices and the links between Extreme Networks devices) as a set of maps. These maps can be
organized as a tree of submaps that allow you to represent your network as a hierarchical system of
campuses, buildings, floors, closets, or whatever logical groupings you want.

The Topo logy applet can automatically add device nodes to your map as devices are added to
EPICenter softw are’s device invent ory. The EPICenter software autom atically detects a nd adds links
that exist between Extreme Networks devices, and organizes the device nodes into submaps as
appropriate. The links between devices provide information about the configuration and status of the
links.

You can customize the resulting maps by creating submaps, moving map elements within or between
submaps, adding new elements, such as links, “decorative” (non-managed) nodes, and text, and
customizing the look and labeling of the discovered nodes themselves. In addition, options are available
to organ iz e an d o ptim iz e th e m ap l ay out to d ispl ay very large nu mbe rs o f de vi ces with th e m in imu m of
device and link o verlap.

The Topo logy applet also provides information about the VLANs configured on devices in a topology
view. Us ing the Display VLANs feature, you can visually see which links and devices are configured for
a selected VLA N, or select a sp ecific device or link to see wha t VLANs a re configured on that device.
You can also configure a VLA N in a topolog y by adding ports or trunk links.

Finally, from a managed device node on the map, you can invoke other EPICente r functions such as the
alarm browser, telnet, real-time statistics, a front panel view, the VLAN M anager, or ExtremeWare Vista
for the selected device.

Enterprise-wide VLAN Management

A virtual LAN (VLAN) is a group of location- and topology-independent devices that communicate as
if they were on the sam e physical local a rea network (LAN).

The EPICenter VLAN Manager is an enterprise-wide application that manages many aspects of VLANs
on Extreme Network’s Summit, BlackDiamond, and Alpine switches. Any EPICenter user can view
status information about the VLANs known to EPICenter across the network. Users with the
appropriate access can create and delete VLANs, add and remove ports from existing VLANs, and
create and modify the protocol filters used to filter VLAN traffic. When creating or modifying a VLAN,
you can get EPICenter to determine whether there is connectivity between the devices you have
included in the VLAN, and if not, it can recommend what ports and devices you should add to achieve
connectivity.

The ESR P Manager

The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches
to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users. The ES RP
Manager displays the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs.
You can view a summary status for all the ESRP-enabled VLANs being monitored by the EPICenter
software. You can also view detailed information f or an indi vidual ESRP- enabled VLAN and the
switches in those VLANs.

26 EPICenter So ftware Installatio n and User Guid e

EPICenter and Po licy Manager Overvi ew

The STP Monitor

The EPICenter Spanning Tree Protocol (STP) Monitor module displays information about STP domains
network -wid e at the doma in, VLA N, de vice, an d po rt levels . The S TP Mo nitor ca n mon itor S TP
domains configured on devices running ExtremeWare 6.2.2 or later. Earlier versions of ExtremeWare
supported the Spanning Tree protocol. STP information via SNMP is available starting with
ExtremeWare version 6.2.2.

Dynamic Reports

EPICenter Reports are HTML pages that can be accessed separately from the main EPICenter user
interface, without logging in to the Java user interface. The Reports module can also be accessed from
the EPICenter Navigation toolbar. A Summary R eport is also displayed on the main EPICenter “home”
page that provides basic information on the status of EPICenter devices and alarms. From this report
you can access other more detailed reports.

The EPICenter reports are HTML pages that do not require Java capability, and thus can be accessed
from browsers that do no t have the abilit y to run the full EPI Center user i nterface. This means reports
can be loaded quickly, even over a dial-up connection, and it also provides the ability to print the
reports.

The Reports ca pability provide s a number of predefin ed HTML repor ts that present infor mation from
the EPICenter database. You can also create your own reports by writing Tcl scripts.

Distri buted Serve r Mode

To manage very large numbers of network devices, or devices that are geographically distributed, the
management task can be divided up between multiple EPICenter servers. Each server in the server
group is updated at regular intervals with network summary and status information from the other
servers in the group. From the EPICenter home page, a client attached to any one of the servers in the
server group can view summary status information from the other servers in the group in addition to
the standard Network Summary report. The EPICenter client also lets the user easily navigate between
the different servers in the group to see detailed management information about the devices managed
by those servers.

Security Management

In order to access EPICenter features, a user must log in with a user name and a password.

EPICenter provides three access levels:

• Monitor—users who c an view status inf ormation only.

• Manager—users who can modify device parameters as well as view status information.

• Administrator—users who can create, modify and delete EPICenter user accounts as well as perform

all the functions of a user with Manager access.

The EPICenter Admin applet enables configuration of EPICenter as a Remote Authentication Dial In
User Service (RA DIUS) server. As an alternative, it can be c onfigured as a RA DIUS client, or RA DIUS
auth entic ation fun ction ality can be disa bled .

When EPICenter acts as a RADIUS server, it can be contacted by RADIUS clients (such as Extreme
Networks switches) to configure access permissions for Extreme switches, and to authenticate user
names and passwords. The use of the RADIUS server avoids the need to maintain user names,

EPICenter Componen ts

EPICenter Software In stallation an d User Guide 27

passwords, and a ccess permi ssions in each switch, and in stead centra lizes the con figuration in one
location in EP ICenter.

EPICenter Stand-alone Utilities

The EPICenter software provides several st and-alone ut ilities or script s that streamli ne the process o f
getting informa tion into and ou t of the EPICen ter databas e, or facilitate certain devi ce troubleshootin g
functions. These are the following:

• The DevCLI ut ility lets you ad d devices to and remove dev ices from the EPIC enter invent ory

database via command, and supports batch additions and deletions specified via a file.

• A set of Inventory Export scripts that enable you to export information from the EPICenter database

about the dev ices that are being m anaged. Th e information is provided in a fo rmat suitable for
import into other applications, such as a spreadsheet.

• The SNMPCL I utilit y provides SNMP Get, Ge tNext, and SN MP wa lk features that ma y be ne eded t o

obtain device MIB information for troub leshooting.

• A set of utilitie s that provide a co mmand lin e interface to s everal EP ICenter softw are functions.

These inclu de the A larm Mgr ut ility, FindAdd r utility, Tran sferMgr utility, and VlanMgr utilit y. These
utilities enable you to perform certain EPICenter functions from the command line (or through a
script) rather than through the EPICenter graphical user interface. Results from the Alarm Manager
utility and the Find Address utilit y can be outpu t to a file.

EPICenter Components

The EPICenter software is made up of three major functional components:

• The EPICenter Server, which is based on the Tomcat Java server. The server is responsible for

downloading applets, running servlets, managing security, and communicating with the database.

• A Relational Database Management System (RDBMS), Sybase Adaptive Server Anywhere, which is

used as both a persistent data store and a data cache.

• EPICenter client application s. This can be a n installed c lient application that runs on a

Windows 2000/XP or Solaris system. For Windows systems only, the client can also be a set of Java
applets downloaded from the server to the client on demand into a Java-enabled browser running
the Java plug-in ( Java 1.3.1_03 ).

28 EPICenter So ftware Installatio n and User Guid e

EPICenter and Po licy Manager Overvi ew

Figure 1 illustrates the architecture of the EPICenter software.

Figure 1: EPICenter software architecture

Extreme Networks Switch Management

The EP ICen ter so ftware use s SNMP to mo nito r and manag e the d evic es in the n etwo rk. To avoid t he
overhead of frequent dev ice polling , the EPICen ter softw are also uses a mech anism call ed Smar tTraps to
identify changes in Extreme Networks d evice configur ation.

When an Extreme Networks switch is added to the EPICenter database, the EPICenter software creates
a set of SmartTraps rules that define what events (status and configuration changes) the EPICenter
server needs to know about. These rules are downloaded into the Extreme Networks switch, and the
EPICenter server is automatically registered as a trap receiver. Subsequently, whenever a status or
configuration change takes place, the Extrem eWare software in the switch uses the SmartTraps rules to
determine if the EPICenter server should be notified. These changes can be changes in device status,
such as fan failure or overheating, or configuration changes made on the switch through the
ExtremeWare CLI or ExtremeWare Vista.

The EPICenter server does a “heartbeat” check, by default every five minutes, of all the devices it is
managing to d etermine if th e devices are st ill accessible. It als o does a full po ll of each device at lon ger
intervals. Thi s interval for this less frequent statu s polling can be adjusted o n each individ ual device.
The EPICenter software also gives you the abil ity to gather device status at any time using t he Sync
feature in the Inventory Manager applet.

Relational



database

XM_021

Extreme



device

Extreme



device

Third-party



device

Browser with Java plug-in

Windows client system

Server system

EPICenter applets

Installed client

Windows or Solaris client system

EPICenter applets

Browser

HTML reports

EPICenter server

TCP sockets

SNMP Telnet

Application objects

Extreme Networks Device Suppor t

EPICenter Software In stallation an d User Guide 29

Extreme Networks Device Support

Extreme Networks devices running the ExtremeWare software version 2.0 or later, are supported by
most features in the EPICenter system, including the VLAN Manager and the graphical display features
of the ExtremeView applet. Some features, such as ESRP, or the Policy Manager, require more recent
versions of the ExtremeWare software.

NOTE

See the EPICenter Release Note a nd Quick Start Guide or the Extreme Networks web site for the most
current information on device support in the EP ICenter software.

Third-Party Device Support

Any device running a MIB-2 compatible SNMP agent can be discovered by the EPICenter Inventory
manager, and saved in the Inventory database. All devices in the database can also appear on a
topology map. The EPICenter alarm system can handle SNMP traps from any device in the inventory
database, in cluding RM ON traps from devices with R MON ena bled. The R eal-Time Statistics m odule
can display statistics for any device with RMON enabled, the IP/MAC Finder applet supports all
devices running MIB-2 and the Bridge MIB, with the exception of user mapping, which is specific to
Extreme devices.

Third-party devices that support SNMP version 3 (SNMPv3) are discovered as SNMP version 1
(SNMPv1) and are added to the EPICenter database as SNMPv1 devices.

In the Telnet applet, you can use the Telnet feature with any device that supports a Telnet interface. In
the ExtremeView applet, all Extreme devices and selected third-party devices (including certain Cisco
and 3COM devices) can display a device-specific front panel view in the Summary view. In addition,
vendor-specific generic images are av ailable for additional devices, such as Sun and Nortel, and a
standard generic image can be displayed for all other “unknown” devices. New device images and
configuration description files may be added over time—check the Extreme Networks web site for
information on n ew device sup port.

Overview of the Policy Manager

Policy-based ma nagement is u sed to protect and guarantee deliv ery of mission-c ritical traffic. A
network policy is a set of high-lev el rules for con trolling the priority of, and amount of bandwidt h
available to, var ious types of n etwork traffic. Using EPICenter, polic ies can be defi ned in terms of
indiv idua l use rs an d desk top syst ems, not ju st by IP or MAC addr esses , port s, o r VLA Ns.

The EPICenter Policy Manager lets you work with high-level policy components (users, desktop
systems, groups of users or systems, applications, and groups of devices and ports) in defining policies.
The policy system translates those policy components into the specific information needed for QoS
configuration of ne twork dev ices. It als o detects o verlaps and conflic ts in policie s, with p recedence rules
for resolving conflicting QoS rules.

30 EPICenter So ftware Installatio n and User Guid e

EPICenter and Po licy Manager Overvi ew

NOTE

The EPICenter policy system is based on the policy-based QoS capabi lities in the ExtremeWare
software. For details on the capabilities and impleme ntation of QoS in Ex treme Networks sw itches, see
the Ex tremeWare Software User Guide or the ExtremeWare Release Note for the version(s) of the
software running on your switches.

The EPICenter Policy Manager is a separately-licensed component of the EPICenter product family.
When a Policy Manager license is installed on the EPICenter server, the Policy icon appears in the
Navigation Toolbar at the left of your browser window.

If no icon is present, it in dicates that no current license can be found for the Policy Manager m odule.
See the EPICenter S oftware Installation and User Gu ide or the EPICenter Release Note and Quick Start Guide
for information on obtaining and installing a lic ense.

The EPICenter Policy Manager is organize d into two func tional areas.

• The Policies View, where you can create, view, and modify EPICenter policy definitions for Extreme

Networks devices. The organizing principle within the Policies view is the policy definition.

• The ACL Viewer, where you can view the access list and Qo S rules generated by the Policy Manager

for the devices in your network. You cannot modif y EPICenter po licy definitions from within this
view. Howeve r, you can modif y QoS confi gura tion setti ngs f or Cisc o de vices. The organiz ing
principle within the ACL Viewer is the network device.

From either the Policies View or ACL Viewer, you can mod ify the QoS profiles, change policy
precedence, and configure the currently-enabled policies on one or more devices.

The Policy Manager is closely tied to the EPICenter Grouping applet, which is used to define the
network resources that can be used as traffic endpoints or to specify the policy scope in a policy
definition. Resources must be set up through the Grouping Manager or Inventory Manager before you
can use them in a polic y definition. You should be thoroughly fa miliar with th e Grouping applet bef ore
you begin to define policies usin g the Policy Manager.

Basic EPICenter Policy Definition

A QoS policy in the EPICenter Po licy Manager is c omposed of the fo llowing compo nents:

• A Name an d Description that you supply w hen you create the policy. The Description is optional.

• The Policy Type, which translates to the implementation type (Access-based Security QoS, IP QoS,

Source Port QoS, or VLAN QoS). The implementation type determines the type of traffic grouping
the switch will l ook for in im plementin g the policy. This in turn determine s what type of e ndpoints
are allowed in your traffic definition, and how some of the other elements, such as traffic direction,
are handled.

• A defi niti on of the Ac cess L ist (for Security policies) or Policy Traffic (for IP policie s) to be affected

by the policy. You define the policy traffic by specifying the endpoints the switch should use to
identify the traffic of interest. The EPICenter Policy Manager lets you define the endpoints using a
high-level set of resources described below (see “Policy Named Components” on page 38 for more
details).

• The Access Dom ain or Scope of the policy—the set of network devices on which to apply the policy.